#!/usr/bin/awk -f
# $Id: ipsecctl.awk 9ce65bed8ef4 2012/08/26 02:14:51 pgurumur $
# Copyright (c) 2012 Prabhu Gurumurthy <pgurumur@gmail.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#

# __version__  = "$Revision: 9ce65bed8ef4 $"
# __author__   = "$Author: pgurumur $"
# __modified__ = "$Date: 2012-08-26 02:14:51Z $"

BEGIN {
   sad = 0;
}

$1 == "flow" {
   printf("ike flows\n");
   printf("\t protocol: %s\n", $2);
   printf("\t direction: %s\n", $3);
   printf("\t\t from: %s\n", $5);
   printf("\t\t to: %s\n", $7);
   printf("\n\n");
}

$1 ~ /esp|ah/ {
   sad = 1;
   printf("Security Association Database\n");
   printf("\t IPsec framework protocol used: %s\n", $1);
   printf("\t IPsec mode used: %s\n", $2);
   printf("\t\t Security parameters index: %s\n", $8);
   printf("\t\t Authentication used: %s\n", $10);
   if ($1 == "esp") {
      printf("\t\t Encryption used: %s\n", $12);
   }
}

$1 ~ /authkey|enckey/ {
   if (sad == 1) {
      if ($1 == "authkey") {
         printf("Authentication key: %s\n", $2);
      }

      if ($1 == "enckey") {
         printf("Encryption key: %s\n", $2);
      }
   }
   printf("\n\n");
}
